Mobile communication devices or mobile devices, such as cellular telephones, smartphones, wireless-enabled personal data assistants, and the like, are becoming more popular as cellular and wireless network providers are able to expand coverage and increase bandwidth. Mobile devices have evolved beyond providing simple telephone functionality and are now highly complex multifunctional devices with capabilities rivaling those of desktop or laptop computers. In addition to voice communications, many mobile devices are capable of text messaging, e-mail communications, internet access, and the ability to run full-featured application software. Mobile devices can use these capabilities to perform online transactions such as banking, stock trading, payments, and other financial activities. Furthermore, a mobile device used by an individual, a business, or a government agency can often store confidential or private information in forms such as electronic documents, text messages, access codes, passwords, account numbers, e-mail addresses, personal communications, phone numbers, and financial information.
In turn, it is more important to protect those devices against malware, malicious attacks and other exploits. Specifically, it would be helpful to be able to identify vulnerabilities for a mobile communication device, so that the user of the mobile communication device can be alerted if his or her device suffers from any exploitable weaknesses. It is also important for an organization that relies on mobile devices to understand the state of their security and be able to respond to vulnerabilities on mobile devices in an efficient and effective manner.
Presently, current solutions for assessing the vulnerabilities of a computer on a network focus on a conventional desktop, laptop, server, or other computing devices that often enjoy more processing power and memory than a mobile communication device and generally have less restricted application environments than a mobile communication device. As such, these computing devices can often include local monitoring services that can run in the background without overly taxing valuable computing resources. In addition, conventional computing devices are often consistently tethered to a particular local network, such that devices can be remotely scanned over the local network for security weaknesses. Mobile communication devices, on the other hand, are often connected to public networks and switch between networks and network types, making remote, network-based security scans undesirable.
What is therefore needed is a way to provide similar protective services for mobile communication devices in a manner that does not overly tax resources on the mobile communication device, and that extends protective services even when the mobile communication device is not connected to a particular network or is not connected to any network.
There are many differences between mobile communication devices (e.g. operating systems, hardware capabilities, software configurations) that make it difficult to have a single system for accurately assessing the vulnerability of multiple types of devices. Additionally, many mobile communication devices are able to accept installation of various third-party software applications or “apps” that have been developed to extend the capabilities of the device. The installation of apps can alter the vulnerability state of a device, since each app may alter how and with which networks the mobile device communicates. What is therefore needed is a way to assess vulnerabilities of a mobile communication device that accounts for differences such as the operating system, the make, model, configuration, or any installed software on the mobile device. Also needed is a way for a user or administrator to view the security status of, remediate, and otherwise assess and manage the security of multiple different mobile communication devices.